urlscan.io logo urlscan.io
SecurityTrails logo

vps-1c473bcd.vps.ovh.net Open in urlscan Pro
51.195.149.12  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://difpt.org/admin/
Effective URL: http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wr...
Submission Tags: 6797240
Submission: On October 05 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 12 HTTP transactions. The main IP is 51.195.149.12, located in France and belongs to OVH, FR. The main domain is vps-1c473bcd.vps.ovh.net.
This is the only time vps-1c473bcd.vps.ovh.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 166.62.10.186 26496 (AS-26496-...)
1 9 51.195.149.12 16276 (OVH)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 67.202.94.94 32748 (STEADFAST)
12 6
1    166.62.10.186 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-166-62-10-186.ip.secureserver.net
difpt.org
9    51.195.149.12 (France)

ASN16276 (OVH, FR)
PTR: vps-1c473bcd.vps.ovh.net
vps-1c473bcd.vps.ovh.net
1    2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2606:4700:20::ac43:4739 (United States)

ASN13335 (CLOUDFLARENET, US)
waust.at
1    67.202.94.94 (Chicago, United States)

ASN32748 (STEADFAST, US)
PTR: amung.us
whos.amung.us
Apex Domain
Subdomains		 Transfer
9 ovh.net
vps-1c473bcd.vps.ovh.net
73 KB
1 amung.us
whos.amung.us
210 B
1 waust.at
waust.at
8 KB
1 googleapis.com
ajax.googleapis.com
30 KB
1 difpt.org
difpt.org
337 B
12 5
Domain Requested by
9 vps-1c473bcd.vps.ovh.net 1 redirects vps-1c473bcd.vps.ovh.net
1 whos.amung.us waust.at
1 waust.at vps-1c473bcd.vps.ovh.net
1 ajax.googleapis.com vps-1c473bcd.vps.ovh.net
1 difpt.org
12 5

This site contains links to these domains. Also see Links.

Domain
whos.amung.us
Subject Issuer Validity Valid
difpt.org
Sectigo RSA Domain Validation Secure Server CA		 2020-06-23 -
2022-09-25		 2 years crt.sh
upload.video.google.com
GTS CA 1O1		 2020-09-03 -
2020-11-26		 3 months crt.sh

This page contains 1 frames:

Primary Page: http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Frame ID: B310BF0C1D9CC0F0F343E697883F11DE
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://difpt.org/admin/ Page URL
  2. http://vps-1c473bcd.vps.ovh.net/ Page URL
  3. http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/ HTTP 302
    http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

12
Requests

17 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

110 kB
Transfer

368 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://difpt.org/admin/ Page URL
  2. http://vps-1c473bcd.vps.ovh.net/ Page URL
  3. http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/ HTTP 302
    http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
difpt.org/admin/ 		228 B
337 B 		Document
General
Check archive.org
Download Go to
Full URL
https://difpt.org/admin/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
166.62.10.186 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-166-62-10-186.ip.secureserver.net
Software
Apache /
Resource Hash
1443673d11bd9a82928b79ae23d8de599adcf9ce4c34f8305454d375c65fd4ef

Request headers

:method
GET
:authority
difpt.org
:scheme
https
:path
/admin/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Mon, 05 Oct 2020 18:50:20 GMT
server
Apache
last-modified
Wed, 30 Sep 2020 18:51:33 GMT
etag
"7024e38-e4-5b08c6368b4b6-gzip"
accept-ranges
bytes
vary
Accept-Encoding,User-Agent
content-encoding
gzip
content-length
186
content-type
text/html
Cookie set /
vps-1c473bcd.vps.ovh.net/ 		211 B
591 B 		Document
General
Check archive.org
Download Go to
Full URL
http://vps-1c473bcd.vps.ovh.net/
Protocol
HTTP/1.1
Server
51.195.149.12 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-1c473bcd.vps.ovh.net
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
558e3516f873c181986f54316738ac717fac6913e5616f75284f6b1fef43faa4

Request headers

Host
vps-1c473bcd.vps.ovh.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 05 Oct 2020 18:50:21 GMT
Server
Apache/2.4.41 (Ubuntu)
Set-Cookie
PHPSESSID=t4oe1t1k0fk2bgg5u4rssbpqo5; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
171
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: vps-1c473bcd.vps.ovh.net
URL: http://vps-1c473bcd.vps.ovh.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://vps-1c473bcd.vps.ovh.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 05 Oct 2020 17:55:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3287
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30399
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Oct 2021 17:55:34 GMT
Primary Request login.php
vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/
Redirect Chain
  • http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/
  • http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26...
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Requested by
Host: vps-1c473bcd.vps.ovh.net
URL: http://vps-1c473bcd.vps.ovh.net/
Protocol
HTTP/1.1
Server
51.195.149.12 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-1c473bcd.vps.ovh.net
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
dee58b63a7a07b3bcc36cadc32090d62e207467a950b2de9264b7c5e48a690a1

Request headers

Host
vps-1c473bcd.vps.ovh.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://vps-1c473bcd.vps.ovh.net/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
PHPSESSID=t4oe1t1k0fk2bgg5u4rssbpqo5
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://vps-1c473bcd.vps.ovh.net/

Response headers

Date
Mon, 05 Oct 2020 18:50:22 GMT
Server
Apache/2.4.41 (Ubuntu)
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1015
Keep-Alive
timeout=5, max=98
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Mon, 05 Oct 2020 18:50:21 GMT
Server
Apache/2.4.41 (Ubuntu)
Location
login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Content-Length
0
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
bootstrap.min.css
vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/css/ 		118 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/css/bootstrap.min.css
Requested by
Host: vps-1c473bcd.vps.ovh.net
URL: http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
HTTP/1.1
Server
51.195.149.12 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-1c473bcd.vps.ovh.net
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Request headers

Referer
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 05 Oct 2020 18:50:23 GMT
Content-Encoding
gzip
Last-Modified
Mon, 25 Jul 2016 17:53:28 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"1d970-538797626b600-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
19744
style.css
vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/css/ 		9 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/css/style.css
Requested by
Host: vps-1c473bcd.vps.ovh.net
URL: http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
HTTP/1.1
Server
51.195.149.12 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-1c473bcd.vps.ovh.net
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
165c7ebd612c67eb88bd1545c301b98b125d526dd15842fd3268394db3011537

Request headers

Referer
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 05 Oct 2020 18:50:23 GMT
Content-Encoding
gzip
Last-Modified
Thu, 28 May 2020 23:05:08 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"2452-5a6bd5c1d3100-gzip"
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2869
jquery.min.js
vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/js/ 		95 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/js/jquery.min.js
Requested by
Host: vps-1c473bcd.vps.ovh.net
URL: http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
HTTP/1.1
Server
51.195.149.12 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-1c473bcd.vps.ovh.net
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Request headers

Referer
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 05 Oct 2020 18:50:23 GMT
Content-Encoding
gzip
Last-Modified
Sun, 09 Dec 2018 19:14:36 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"17b8b-57c9ba8b89f00-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
33760
bootstrap.min.js
vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/js/ 		36 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/js/bootstrap.min.js
Requested by
Host: vps-1c473bcd.vps.ovh.net
URL: http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
HTTP/1.1
Server
51.195.149.12 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-1c473bcd.vps.ovh.net
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

Referer
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 05 Oct 2020 18:50:23 GMT
Content-Encoding
gzip
Last-Modified
Mon, 25 Jul 2016 17:53:30 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"90b5-5387976453a80-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
9833
validate.js
vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/js/ 		318 B
545 B 		Script
General
Check archive.org
Download Go to
Full URL
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/js/validate.js
Requested by
Host: vps-1c473bcd.vps.ovh.net
URL: http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
HTTP/1.1
Server
51.195.149.12 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-1c473bcd.vps.ovh.net
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
a446fcd80b3e207f1a704f1876bc8086495d8ccf87522af44c8a16af0cc59b19

Request headers

Referer
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 05 Oct 2020 18:50:23 GMT
Content-Encoding
gzip
Last-Modified
Sun, 09 Dec 2018 20:38:02 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"13e-57c9cd31a1e80-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
195
d.js
waust.at/ 		13 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://waust.at/d.js
Requested by
Host: vps-1c473bcd.vps.ovh.net
URL: http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
Protocol
HTTP/1.1
Server
2606:4700:20::ac43:4739 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8fb1850e00c24b83e04ea4f41fe5774cff1d476a293fa7b35cba97827eb194cd

Request headers

Referer
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 05 Oct 2020 18:50:23 GMT
content-encoding
gzip
CF-Cache-Status
HIT
Age
2733
Transfer-Encoding
chunked
Connection
keep-alive
cf-request-id
059bb2cdea0000dfebe29bf200000001
last-modified
Mon, 05 Oct 2020 15:47:03 GMT
Server
cloudflare
etag
W/"5f7b3ff7-3444"
Vary
Accept-Encoding
Content-Type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400
CF-RAY
5dd953f6491ddfeb-FRA
expires
Tue, 06 Oct 2020 18:04:50 GMT
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

Referer
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/css/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
microsoft_logo.svg
vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/img/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/img/microsoft_logo.svg
Requested by
Host: vps-1c473bcd.vps.ovh.net
URL: http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/css/style.css
Protocol
HTTP/1.1
Server
51.195.149.12 , France, ASN16276 (OVH, FR),
Reverse DNS
vps-1c473bcd.vps.ovh.net
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/css/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 05 Oct 2020 18:50:25 GMT
Last-Modified
Sat, 08 Dec 2018 18:54:24 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"e43-57c8742a39800"
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
3651
/
whos.amung.us/pingjs/ 		28 B
210 B 		Script
General
Check archive.org
Download Go to
Full URL
http://whos.amung.us/pingjs/?k=h8xkneis41&t=Melden%20Sie%20sich%20bei%20Ihrem%20Microsoft-Konto%20an&c=d&x=http%3A%2F%2Fvps-1c473bcd.vps.ovh.net%2F.outlook.ch%2Fconnect%2Flogin.php%3Fwa%3Dwsignin1.0%26rpsnv%3D13%26ct%3D1557865715%26rver%3D7.0.6737.0%26wp%3DMBI_SSL%26wreply%3Dhttps%253a%252f%252foutlook.live.com%252fowa%252f%253fauthRedirect%253dtrue%2526nlp%253d1%2526RpsCsrfState%253d622be80b-4f64-ee5a-3e56-acf0e690b14f%26id%3D292841%26aadredir%3D1%26CBCXT%3Dout%26lw%3D1%26fl%3Ddob%252cflname%252cwld%26cobrandid%3D90015&y=http%3A%2F%2Fvps-1c473bcd.vps.ovh.net%2F&a=0&v=27&r=7205
Requested by
Host: waust.at
URL: http://waust.at/d.js
Protocol
HTTP/1.1
Server
67.202.94.94 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS
amung.us
Software
/
Resource Hash
9ea53c4396b4de5405d05310f9bbbc49b59df1833972014e325d7daf7657b7c3

Request headers

Referer
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 05 Oct 2020 18:50:26 GMT
content-encoding
gzip
transfer-encoding
chunked
content-type
text/javascript;charset=UTF-8
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d

Request headers

Referer
http://vps-1c473bcd.vps.ovh.net/.outlook.ch/connect/login.php?wa=wsignin1.0&rpsnv=13&ct=1557865715&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fauthRedirect%3dtrue%26nlp%3d1%26RpsCsrfState%3d622be80b-4f64-ee5a-3e56-acf0e690b14f&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| $ function| jQuery object| jQuery112402330520024923468 function| validateLogin object| _wau string| wau_w_col string| wau_w_siz object| WAU_ren function| WAU_dynamic function| WAU_dynamic_request function| WAU_r_d function| WAU_insert function| WAU_la function| WAU_addCommas function| WAU_lrd function| WAU_lrs function| WAU_cps function| docReady object| x string| x1 string| x2

1 Cookies

Domain/Path Name / Value
vps-1c473bcd.vps.ovh.net/ Name: PHPSESSID
Value: t4oe1t1k0fk2bgg5u4rssbpqo5